Manually compile Auto-Protect kernel modules for Endpoint Protection for Linux
Last Updated February 01, 2019
You want to know how to manually compile the Auto-Protect kernel module for Symantec Endpoint Protection for Linux (SEPFL), and any additional steps that need to be followed. You may need to do this if you have updated the operating system kernel, or if you want to capture more verbose output after auto-compile fails.
Cause of issues have been found unless the following order of operations is followed:
You should perform the install.
Perform the build in this document
This article assumes you already installed the Symantec Endpoint Protection client for Linux and the AutoProtect kernel module failed to enable. This failure may be because the Linux system did not meet the prerequisites for auto-compile to build a custom AutoProtect kernel module, or the compiler returned an error and was unable to enable the AutoProtect kernel module. "Kernel release not specified" is a typical error returned by compilation if the requirements below are not met.
You must install gcc and the Linux kernel source for the Linux kernel for which you want to build the AutoProtect kernel modules. The table below contains what packages to install for your distribution in addition to the gcc package.
In the special build command, the string $(uname -r) represents the operating system kernel version that is currently running. When you use $(uname -r) in the build command, the kernel modules you build will be for the kernel that is currently running. If you are trying to build for a different kernel version, you must replace $(uname -r) with the kernel version for which you want to build. You also need to ensure that you have the kernel source installed for the version for which you are trying to build.
The packages listed in the table above will install the latest kernel source available from your repository. If you are not running the latest available kernel in your distribution, you will need to ensure that you download the same kernel source as the kernel you are running, and replace $(uname -r).
Note: Debian does not provide a generic linux-headers package. Instead, you must download the correct architecture type by specifying it when the linux-headers are downloaded. The packages available are (as of Debian 5.0.4):
Note: Installing linux-source on Ubuntu 10.10 does not appear to install the linux-headers as well. To remedy this, you should also install the correct version of the Linux headers packages (e.g. linux-headers-generic, linux-headers-generic-pae, linux-headers-server, linux-headers-virtual).
Note: to obtain the $flavor and $version of SLES devel package to match currently running kernel, reference the output of "uname -r" command: 3.0.101-80-default # for example using this, search package repositories (bold and underline added here for emphasis): zypper search -s kernel-default-devel | grep 3.0.101-80 reference search output: v | kernel-default-devel | package | 3.0.101-80.1 | x86_64 | SLES11-SP4-Updates and install that package (note the devel package version in this example is suffixed by .1): sudo zypper install kernel-default-devel-3.0.101-80.1
Building the modules
You must build the AutoProtect kernel modules with root privileges, using a terminal program.
In the same directory as ap-kernelmodule.tar.gz (or src/ap-kernelmodule.tar.bz2 in SEP 12.1 RU5 and newer) uncompress the file: tar -xf ap-kernelmodule.tar.gz # same command works also with .tar.bz2 extension
Change into the uncompressed directory: cd ap-kernelmodule
Run the build command. If there is a special build command in the table above, use that: ./build.sh After the build completes, you should see "Congratulations, build was successful!" If you do not see this please review the output of the build command for any error messages. If the build was successful:
For 12.1.5, continue with the remaining steps.
For 12.1.6, the build script automatically moves the AutoProtect kernel modules into place and restarts the services. You can use the final step to verify AutoProtect is enabled.
Change into the directory with the newly built AutoProtect kernel modules cd bin.ira
Move the newly built AutoProtect kernel modules into the autoprotect directory: mv * /opt/Symantec/autoprotect/
Restart the autoprotect and rtvscand services: /etc/init.d/autoprotect restart /etc/init.d/rtvscand restart
Check that AutoProtect is enabled: /opt/Symantec/symantec_antivirus/sav info -a
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe